
    Struggling to get IPSec/L2TP to work

    • M
      malcmail last edited by

      I've followed the walkthrough at https://doc.pfsense.org/index.php/L2TP/IPsec a couple of times now but cannot get my VPN to work from my Android phone. I'm using the latest build 2.3.3_1 so the instructions don't 100% match but it appears I've done something wrong somewhere - repeatedly. Is there a problem with it or is it just me?

      1 Reply Last reply Reply Quote 0
      • M
        malcmail last edited by

        The IPSec log if it means anything to anyone - doesn't to me sadly.

        Apr 7 09:31:48 charon 11[IKE] <20> received FRAGMENTATION vendor ID
        Apr 7 09:31:48 charon 11[IKE] <20> received DPD vendor ID
        Apr 7 09:31:48 charon 11[IKE] <20> 192.168.1.33 is initiating a Main Mode IKE_SA
        Apr 7 09:31:48 charon 11[CFG] <20> received proposals: IKE:AES_CBC_256/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_1024, IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_1024, IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC_256/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024, IKE:AES_CBC_128/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_1024, IKE:AES_CBC_128/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_1024, IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC_128/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024, IKE:3DES_CBC/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024, IKE:DES_CBC/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024
        Apr 7 09:31:48 charon 11[CFG] <20> configured proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
        Apr 7 09:31:48 charon 11[IKE] <20> no proposal found
        Apr 7 09:31:48 charon 11[ENC] <20> generating INFORMATIONAL_V1 request 4286656525 [ N(NO_PROP) ]
        Apr 7 09:31:48 charon 11[NET] <20> sending packet: from 86.178.124.128[500] to 192.168.1.33[500] (56 bytes)
        Apr 7 09:31:51 charon 11[NET] <21> received packet: from 192.168.1.33[500] to 86.178.124.128[500] (724 bytes)
        Apr 7 09:31:51 charon 11[ENC] <21> parsed ID_PROT request 0 [ SA V V V V V V ]
        Apr 7 09:31:51 charon 11[IKE] <21> received NAT-T (RFC 3947) vendor ID
        Apr 7 09:31:51 charon 11[IKE] <21> received draft-ietf-ipsec-nat-t-ike-02 vendor ID
        Apr 7 09:31:51 charon 11[IKE] <21> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
        Apr 7 09:31:51 charon 11[IKE] <21> received draft-ietf-ipsec-nat-t-ike-00 vendor ID
        Apr 7 09:31:51 charon 11[IKE] <21> received FRAGMENTATION vendor ID
        Apr 7 09:31:51 charon 11[IKE] <21> received DPD vendor ID
        Apr 7 09:31:51 charon 11[IKE] <21> 192.168.1.33 is initiating a Main Mode IKE_SA
        Apr 7 09:31:51 charon 11[CFG] <21> received proposals: IKE:AES_CBC_256/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_1024, IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_1024, IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC_256/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024, IKE:AES_CBC_128/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_1024, IKE:AES_CBC_128/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_1024, IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC_128/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024, IKE:3DES_CBC/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024, IKE:DES_CBC/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024
        Apr 7 09:31:51 charon 11[CFG] <21> configured proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
        Apr 7 09:31:51 charon 11[IKE] <21> no proposal found
        Apr 7 09:31:51 charon 11[ENC] <21> generating INFORMATIONAL_V1 request 319277664 [ N(NO_PROP) ]
        Apr 7 09:31:51 charon 11[NET] <21> sending packet: from 86.178.124.128[500] to 192.168.1.33[500] (56 bytes)
        Apr 7 09:31:55 charon 11[NET] <22> received packet: from 192.168.1.33[500] to 86.178.124.128[500] (724 bytes)
        Apr 7 09:31:55 charon 11[ENC] <22> parsed ID_PROT request 0 [ SA V V V V V V ]
        Apr 7 09:31:55 charon 11[IKE] <22> received NAT-T (RFC 3947) vendor ID
        Apr 7 09:31:55 charon 11[IKE] <22> received draft-ietf-ipsec-nat-t-ike-02 vendor ID
        Apr 7 09:31:55 charon 11[IKE] <22> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
        Apr 7 09:31:55 charon 11[IKE] <22> received draft-ietf-ipsec-nat-t-ike-00 vendor ID
        Apr 7 09:31:55 charon 11[IKE] <22> received FRAGMENTATION vendor ID
        Apr 7 09:31:55 charon 11[IKE] <22> received DPD vendor ID
        Apr 7 09:31:55 charon 11[IKE] <22> 192.168.1.33 is initiating a Main Mode IKE_SA
        Apr 7 09:31:55 charon 11[CFG] <22> received proposals: IKE:AES_CBC_256/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_1024, IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_1024, IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC_256/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024, IKE:AES_CBC_128/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_1024, IKE:AES_CBC_128/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_1024, IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC_128/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024, IKE:3DES_CBC/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024, IKE:DES_CBC/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024
        Apr 7 09:31:55 charon 11[CFG] <22> configured proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
        Apr 7 09:31:55 charon 11[IKE] <22> no proposal found
        Apr 7 09:31:55 charon 11[ENC] <22> generating INFORMATIONAL_V1 request 914008803 [ N(NO_PROP) ]
        Apr 7 09:31:55 charon 11[NET] <22> sending packet: from 86.178.124.128[500] to 192.168.1.33[500] (56 bytes)
        Apr 7 09:31:58 charon 11[NET] <23> received packet: from 192.168.1.33[500] to 86.178.124.128[500] (724 bytes)
        Apr 7 09:31:58 charon 11[ENC] <23> parsed ID_PROT request 0 [ SA V V V V V V ]
        Apr 7 09:31:58 charon 11[IKE] <23> received NAT-T (RFC 3947) vendor ID
        Apr 7 09:31:58 charon 11[IKE] <23> received draft-ietf-ipsec-nat-t-ike-02 vendor ID
        Apr 7 09:31:58 charon 11[IKE] <23> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
        Apr 7 09:31:58 charon 11[IKE] <23> received draft-ietf-ipsec-nat-t-ike-00 vendor ID
        Apr 7 09:31:58 charon 11[IKE] <23> received FRAGMENTATION vendor ID
        Apr 7 09:31:58 charon 11[IKE] <23> received DPD vendor ID
        Apr 7 09:31:58 charon 11[IKE] <23> 192.168.1.33 is initiating a Main Mode IKE_SA
        Apr 7 09:31:58 charon 11[CFG] <23> received proposals: IKE:AES_CBC_256/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_1024, IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_1024, IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC_256/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024, IKE:AES_CBC_128/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_1024, IKE:AES_CBC_128/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_1024, IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC_128/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024, IKE:3DES_CBC/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024, IKE:DES_CBC/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024
        Apr 7 09:31:58 charon 11[CFG] <23> configured proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
        Apr 7 09:31:58 charon 11[IKE] <23> no proposal found
        Apr 7 09:31:58 charon 11[ENC] <23> generating INFORMATIONAL_V1 request 3324214621 [ N(NO_PROP) ]
        Apr 7 09:31:58 charon 11[NET] <23> sending packet: from 86.178.124.128[500] to 192.168.1.33[500] (56 bytes)

        1 Reply Last reply Reply Quote 0
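Added example, not part of the original posts: a Python script that reads charon lines in the format shown above, pairs each failed connection's received and configured proposals, and reports any transform type on which the two sides share no value. The sample log is constructed from the post's lines with the peer's proposal list shortened to three entries; the function and field names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample: charon lines in the format shown in the post, with the
# peer's proposal list shortened to three entries.
SAMPLE_LOG = """\
Apr 7 09:31:48 charon 11[IKE] <20> 192.168.1.33 is initiating a Main Mode IKE_SA
Apr 7 09:31:48 charon 11[CFG] <20> received proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024
Apr 7 09:31:48 charon 11[CFG] <20> configured proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
Apr 7 09:31:48 charon 11[IKE] <20> no proposal found
"""

# Order of the slash-separated transforms in each IKE proposal in these logs.
FIELDS = ("encryption", "integrity", "prf", "dh_group")
PROPOSALS = re.compile(r"<(\d+)> (received|configured) proposals: (.+)$")
FAILED = re.compile(r"<(\d+)> no proposal found")

def parse_proposals(text):
    """Turn 'IKE:ENC/INTEG/PRF/DH, IKE:...' into a list of dicts keyed by FIELDS."""
    out = []
    for item in text.split(","):
        parts = item.strip().split(":", 1)[-1].split("/")
        if len(parts) == len(FIELDS):  # skip anything not in the 4-part form
            out.append(dict(zip(FIELDS, parts)))
    return out

def diagnose(log):
    """For each connection that hit 'no proposal found', return the fields
    where the configured values and the peer's offered values are disjoint."""
    seen, failed = defaultdict(dict), set()
    for line in log.splitlines():
        m = PROPOSALS.search(line)
        if m:
            seen[m.group(1)][m.group(2)] = parse_proposals(m.group(3))
        elif (m := FAILED.search(line)):
            failed.add(m.group(1))
    report = {}
    for conn in sorted(failed):
        cfg = seen[conn].get("configured", [])
        rcv = seen[conn].get("received", [])
        report[conn] = {}
        for field in FIELDS:
            want, offered = {p[field] for p in cfg}, {p[field] for p in rcv}
            if not want & offered:  # no common value: negotiation cannot succeed
                report[conn][field] = {"configured": sorted(want), "offered": sorted(offered)}
    return report

if __name__ == "__main__":
    for conn, gaps in diagnose(SAMPLE_LOG).items():
        print(conn, gaps)
```

For the log above the only field reported is the DH group: every proposal from 192.168.1.33 uses MODP_1024 (DH group 2), while the configured proposal requires MODP_2048 (DH group 14).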